zlacker

[return to "“Rust is safe” is not some kind of absolute guarantee of code safety"]
1. a_hume+h4[view] [source] 2022-10-02 14:51:10
>>rvz+(OP)
I know next to nothing about kernel programming, but I'm not sure here what Linus' objection to the comment he is responding to here is.

The comment seemed to be making reference to rust's safety guarantees about undefined behaviour like use after free.

Linus' seems to have a completely different definition of "safey" that conflates allocation failures, indexing out of bounds, and division by zero with memory safety. Rust makes no claims about those problems, and the comment clearly refers to undefined behaviour. Obviously, those other problems are real problems, but just not ones that Rust claims to solve.

Edit: Reading the chain further along, it increasingly feels like Linus is aruging against a strawman.

◧◩
2. arinle+u9[view] [source] 2022-10-02 15:21:47
>>a_hume+h4
> I know next to nothing about kernel programming, but I'm not sure here what Linus' objection to the comment he is responding to here is.

You should read the email thread, as Linhas explains in clear terms.

Take for instance Linus's insightful followup post:

https://lkml.org/lkml/2022/9/19/1250

◧◩◪
3. ChrisS+ja[view] [source] 2022-10-02 15:26:30
>>arinle+u9
What is better: continuing to "limp along" in some unknown corrupted state (aka undefined behaviour) or in a well defined (albeit invalid) state?
◧◩◪◨
4. yencab+ba1[view] [source] 2022-10-02 21:37:48
>>ChrisS+ja
What is better for a desktop user:

1) needing to reload a wifi driver to reinitialize hardware (with a tiny probability of memory corruption) OR choosing to reboot as soon as convenient (with a tiny probability of corrupting the latest saved files)

2) to lose unsaved files for sure and not even know what caused the crash

◧◩◪◨⬒
5. Jweb_G+qc1[view] [source] 2022-10-02 21:55:58
>>yencab+ba1
The latter, because the "tiny probability of memory corruption" can easily become a CVE.
◧◩◪◨⬒⬓
6. P5fRxh+Xl1[view] [source] 2022-10-02 23:02:03
>>Jweb_G+qc1
We have a term for this.

FUD

◧◩◪◨⬒⬓⬔
7. Jweb_G+rp1[view] [source] 2022-10-02 23:31:00
>>P5fRxh+Xl1
Linux has numerous CVEs, and a large percentage stem from memory corruption. That's not FUD, I'm afraid.
◧◩◪◨⬒⬓⬔⧯
8. scoutt+Tb2[view] [source] 2022-10-03 07:29:37
>>Jweb_G+rp1
It's FUD. And not only that. The fear of constantly being attacked by an external entity is also paranoic.
◧◩◪◨⬒⬓⬔⧯▣
9. Jweb_G+Kml[view] [source] 2022-10-09 04:13:55
>>scoutt+Tb2
Unfortunately, whether you personally care about this sort of thing isn't good enough anymore. Owned Linux boxes on IoT devices are now being marshaled into massive botnets used to perform denial of service attacks, while other vulnerabilities are exploited to enable ransomware. You having negligent security on your own unpatched box because you don't personally feel like it's a good tradeoff has many negative external consequences. Fortunately, the decision isn't actually up to you (and having fewer vulnerabilities won't influence you negatively anyway, so I'm not sure why you're so angry about it).
◧◩◪◨⬒⬓⬔⧯▣▦
10. scoutt+Xyo[view] [source] 2022-10-10 12:31:58
>>Jweb_G+Kml
> why you're so angry about it

Am I?

You suppose a lot of things about me from literaly a bunch of words.

"A 'tiny probability of memory corruption' can easily become a CVE" is still FUD, because is simply not true in most cases. The words "tiny" and "easily" show the bias here.

The rest of the conversation seems a symptom of Hypervigilance: Fixation on potential threats (dangerous people, animals, or situations).

Fortunately, the decision isn't up to you either.

[go to top]